Approaching Security Projects After Prior Efforts Failed

Author by Chris Blackburn

Sometimes in our work with clients we assist with security projects that occur subsequent to one or more failures in prior efforts to achieve security improvements. In these situations, we are usually able to quickly identify the reasons why past efforts failed and plan a new project that we know—based on many experiences elsewhere—will succeed. Sometimes the new project uses the same technology as the failed project. Sometimes we suggest an entirely different approach.

As part of moving forward toward a successful implementation, it’s helpful to get at the root of why a past project failed, whether in implementation or user adoption. What factors were technical? What factors were communication-related? Are the right people working closely enough together? Where are the knowledge gaps? Questions along these lines—shared across both IT and business leaders—helps everyone maintain the security-first mindset that’s necessary to protect the organization.

That’s true even in the cases in which it’s difficult to pinpoint exactly what went wrong—and exactly why isn’t always necessary to pinpoint anyway, so long as a shared dedication to success is maintained and supported throughout the organization on a going-forward basis. After all, the alternative is pretty unattractive—unneeded software fees, lower employee productivity, wasted IT budgets, and more.

Perhaps the worst potential result of failed projects (not just security but projects of any type) is frustration that leads to disillusionment and a failure to keep moving forward assertively. Security topics are especially vulnerable to a negative kind of inertia, because they may be perceived as a resource allocation that doesn’t directly further the organization’s business activities as much as, say, custom application development or business process improvements.
Even a successfully executed security project may not ever be measurable in its impact—rather, “success” comes in what’s avoided: loss of intellectual property, loss of customers, loss of reputation, and more.

As headline after headline demonstrates, security is an absolute requirement. It’s dangerous for organizations to put off the necessary attention to their systems and practices. That’s why it’s important to include security topics in roadmap-planning and to engage experts as needed to complement internal talents. For ideas on incorporating security topics into your IT roadmaps, learn more about Concurrency’s security solutions.  
 
Tags in this Article